Search Results (363403 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-6153 2 Apache, Redhat 13 Commons-httpclient, Developer Toolset, Jboss Bpms and 10 more 2025-04-12 N/A
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.
CVE-2014-7433 1 Hioa 1 Student Id 2025-04-12 N/A
The Student ID (aka com.computas.studentbevis) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7435 1 Onesolutionapps 1 Ajd Bail Bonds 2025-04-12 N/A
The AJD Bail Bonds (aka com.onesolutionapps.ajdbailbondsandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7439 1 Beneplus 1 Bene\+ Odmeny A Slevy 2025-04-12 N/A
The bene+ odmeny a slevy (aka cz.gemoney.bene.android) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7446 1 Bilingual Magic Ball Project 1 Bilingual Magic Ball 2025-04-12 N/A
The Bilingual Magic Ball (aka com.wBilingualMagicBall) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7448 1 Magzter 1 Dealside Institutional 2025-04-12 N/A
The DealSide Institutional (aka com.magzter.dealsideinstitutional) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7450 1 Allnurses 1 Allnurses 2025-04-12 N/A
The allnurses (aka com.tapatalk.allnursescom) application 3.4.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7458 1 Bloomyou 1 Bloomyou Valentine 2025-04-12 N/A
The BloomYou Valentine (aka com.bloomyouteam.bloomyou.valentine) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2013-1893 1 Owncloud 1 Owncloud 2025-04-12 N/A
SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application.
CVE-2013-2045 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-7461 1 Teknopoint 1 A King Sperm By Dr. Seema Rao 2025-04-12 N/A
The A King Sperm by Dr. Seema Rao (aka com.wKingSperm) application 0.63.13384.23020 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7462 1 Teamlava 1 Fashion Story\ 2025-04-12 N/A
The Fashion Story: Neon 90's (aka com.teamlava.fashionstory39) application 1.5.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2013-2270 2 Airvana, Sprint 3 Hubbub C1-600-rt, Airave, Airave Software 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the administration page in Airvana HubBub C1-600-RT and Sprint AIRAVE 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-7463 1 Im5 Fans Planet Project 1 Im5 Fans Planet 2025-04-12 N/A
The IM5 Fans Planet (aka uk.co.pixelkicks.im5) application 2.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7464 1 Magicstamp 1 Magic Stamp 2025-04-12 N/A
The Magic Stamp (aka vn.avagame.apotatem) application 2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2013-2289 1 Batavi 1 Batavi 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to admin/index.php.
CVE-2014-7475 1 Drifty 1 Ionic View 2025-04-12 N/A
The Ionic View (aka com.ionic.viewapp) application 0.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7483 1 Desire2learn Fusion 2014 Project 1 Desire2learn Fusion 2014 2025-04-12 N/A
The Desire2Learn FUSION 2014 (aka com.desire2learn.fusion2012) application 4.0.729.1748 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7484 1 Enyetech 1 Coca-cola Fm Guatemala 2025-04-12 N/A
The Coca-Cola FM Guatemala (aka com.enyetech.radio.coca_cola.fm_gu) application 2.0.41725 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2013-4188 1 Plone 1 Plone 2025-04-12 N/A
traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to "retrieving information for certain resources."